authorJoey Hess2016-03-07 18:23:20 -0400
committerJoey Hess2016-03-07 18:23:20 -0400
commit89f9b3cbe16d708912c91db76ed6a2d5cf9851b2 (patch)
treec4ad9a2b8d7a2e719288e6d38b537d31d1b7633a /src/Propellor/Property/Firewall.hs
parent6eb4f7a2f9bbabc5c606f624e9b8380a16224690 (diff)
parent9556734c02a0b05764e83419ae72710908419cdc (diff)
Merge branch 'joeyconfig'
Diffstat (limited to 'src/Propellor/Property/Firewall.hs')
-rw-r--r--src/Propellor/Property/Firewall.hs13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index cb0f0b64..fa1f95d4 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -51,9 +51,9 @@ toIpTable r = map Param $
toIpTableArg :: Rules -> [String]
toIpTableArg Everything = []
toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
-toIpTableArg (DPort (Port port)) = ["--dport", show port]
-toIpTableArg (DPortRange (Port f, Port t)) =
- ["--dport", show f ++ ":" ++ show t]
+toIpTableArg (DPort port) = ["--dport", fromPort port]
+toIpTableArg (DPortRange (portf, portt)) =
+ ["--dport", fromPort portf ++ ":" ++ fromPort portt]
toIpTableArg (InIFace iface) = ["-i", iface]
toIpTableArg (OutIFace iface) = ["-o", iface]
toIpTableArg (Ctstate states) =
@@ -87,6 +87,10 @@ toIpTableArg (Destination ipwm) =
[ "-d"
, intercalate "," (map fromIPWithMask ipwm)
]
+toIpTableArg (NatDestination ip mport) =
+ [ "--to-destination"
+ , fromIPAddr ip ++ maybe "" (\p -> ":" ++ fromPort p) mport
+ ]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
data IPWithMask = IPWithNoMask IPAddr | IPWithIPMask IPAddr IPAddr | IPWithNumMask IPAddr Int
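Review bot: The `NatDestination` case joins the address and port with a bare `:`, which is ambiguous if `IPAddr` can hold an IPv6 address; ip6tables expects the bracketed form `[addr]:port` for `--to-destination`. If IPv6 is in scope, bracket the address when a port is present; otherwise document the rule as IPv4-only. iptables also accepts a port here only when the rule names a protocol such as tcp or udp, and nothing in this case checks that a `Proto` accompanies it. A mismatched rule would therefore be rejected only when propellor runs iptables, which can leave a host with a partly applied firewall. A comment such as `-- a port is only valid together with Proto TCP or UDP` would at least record the constraint. toIpTableArg begins above this hunk.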
@@ -167,7 +171,7 @@ data Rules
-- ^There is actually some order dependency between proto and port so this should be a specific
-- data type with proto + ports
| DPort Port
- | DPortRange (Port,Port)
+ | DPortRange (Port, Port)
| InIFace Network.Interface
| OutIFace Network.Interface
| Ctstate [ ConnectionState ]
@@ -177,6 +181,7 @@ data Rules
| TCPSyn
| Source [ IPWithMask ]
| Destination [ IPWithMask ]
+ | NatDestination IPAddr (Maybe Port)
| Rules :- Rules -- ^Combine two rules
deriving (Eq, Show)
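Review bot: The new `NatDestination` constructor has no Haddock comment, although its neighbour `:-` has one, so the type does not tell a reader which rules it is meant to be combined with. Suggest `-- ^Address and optional port to rewrite the destination to (emitted as --to-destination)`. The existing comment above `DPort` already records an order dependency between proto and port, and the optional port here presumably has the same dependency, so it is worth stating on this constructor too. The `Rules` declaration begins above this hunk.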